Our Security Commitment

You trust Lang.ai to help you structure your organization's data. Our most important job is to keep your data safe along the way.

We provide our customers with security features like role-based access controls, multi-factor authentication (MFA), and single sign-on (SSO).


Enterprise-grade compliance

Lang.ai is audited every year to ensure we have enterprise-grade security measures in place to effectively protect your data.

SOC 2 Type II

Our SOC 2 Type II report attests to the controls we have in place governing the security of customer data as they map to Trust Service Principles established by the AICPA.

General Data Protection Regulation (GDPR)

At Lang.ai, we have worked to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.

California Consumer Privacy Act (CCPA)

Lang.ai acts as a service provider to customers under the California Consumer Privacy Act (CCPA), and we support our customers’ compliance with the CCPA.

HIPAA Compliance

Lang.ai is optimized to be in line with all requirements of HIPAA, and we are able to execute HIPAA Business Associate Agreements (BAAs) when required to ensure the security of PHI data.


Security Practices

We partnered with Vanta to continuously monitor our policies, procedures, and infrastructure to ensure we adhere to industry-standard security, privacy, confidentiality, and availability standards.

Confidentiality

Access to customer data is limited to authorized employees who require it for their job. Every access request must be approved and is logged. MFA is enforced in all of our internal systems.

Network protection

Production servers and databases are hosted in a dedicated VPC and are not publicly accessible. All servers are configured with two-factor authentication and all unnecessary ports are blocked by AWS Security Groups.

Data encryption

All customer data is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys. Data is encrypted in transit using TLS 1.2+ and at rest using the industry-standard AES-256 encryption algorithm.

Secure development practices

Our infrastructure is defined and deployed using Terraform, with all changes reviewed prior to deployment. Our development and testing environments are separate from our production environment. Code development is done through a standard process that requires reviews.

Secure infrastructure

Lang.ai hosts all its software in Amazon Web Services (AWS) facilities in the USA and Europe. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3, and ISO 27001. See Amazon’s compliance documents for more information.

Vulnerability management

We engage with third parties to conduct penetration tests of the production environment at least annually. We have a process to automatically detect system vulnerabilities. We also collaborate with security researchers through our Vulnerability Disclosure Program.

Backups

Backups are performed daily and retained in accordance with a pre-defined schedule in the Backup Policy. Amazon S3 storage buckets are versioned. Our disaster recovery plan is tested every year.

Incident response

We implemented an incident response policy that includes creating, prioritizing, assigning, and tracking follow-ups to completion. Breaches will be reported within 72 hours. A status page is kept up to date with information on any incidents.